Hi Roland, I have used the attached debdiff for preparing the wheezy-security update (not yet released though).
Regards, Salvatore
diff -Nru polarssl-1.2.9/debian/changelog polarssl-1.2.9/debian/changelog --- polarssl-1.2.9/debian/changelog 2014-12-30 00:56:22.000000000 +0100 +++ polarssl-1.2.9/debian/changelog 2015-01-21 21:14:02.000000000 +0100 @@ -1,3 +1,12 @@ +polarssl (1.2.9-1~deb7u5) wheezy-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Add CVE-2015-1182.patch patch. + CVE-2015-1182: Denial of service and possible remote code execution + using crafted certificates. (Closes: #775776) + + -- Salvatore Bonaccorso <[email protected]> Wed, 21 Jan 2015 20:58:06 +0100 + polarssl (1.2.9-1~deb7u4) wheezy-security; urgency=low * CVE-2014-8628 diff -Nru polarssl-1.2.9/debian/patches/CVE-2015-1182.patch polarssl-1.2.9/debian/patches/CVE-2015-1182.patch --- polarssl-1.2.9/debian/patches/CVE-2015-1182.patch 1970-01-01 01:00:00.000000000 +0100 +++ polarssl-1.2.9/debian/patches/CVE-2015-1182.patch 2015-01-21 21:14:02.000000000 +0100 
@@ -0,0 +1,33 @@ +Description: Remote attack using crafted certificates + During the parsing of a ASN.1 sequence, a pointer in the linked list of + asn1_sequence is not initialized by asn1_get_sequence_of(). In case an + error occurs during parsing of the list, a situation is created where + the uninitialized pointer is passed to polarssl_free(). + . + This sequence can be triggered when a PolarSSL entity is parsing a + certificate. So practically this means clients when receiving a + certificate from the server or servers in case they are actively asking + for a client certificate. + . + Depending on the attackers knowledge of the system under attack, this + results at the lowest into a denial of service, and at the most a + possible remote code execution. + . + CVE-2015-1182 +Origin: upstream, https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 +Bug-Debian: https://bugs.debian.org/775776 +Forwarded: not-needed +Author: Salvatore Bonaccorso <[email protected]> +Last-Update: 2015-01-21 + +--- a/library/asn1parse.c ++++ b/library/asn1parse.c +@@ -244,6 +244,8 @@ int asn1_get_sequence_of( unsigned char + if( cur->next == NULL ) + return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); + ++ memset( cur->next, 0, sizeof( asn1_sequence ) ); ++ + cur = cur->next; + } + } diff -Nru polarssl-1.2.9/debian/patches/series polarssl-1.2.9/debian/patches/series --- polarssl-1.2.9/debian/patches/series 2014-12-30 00:55:45.000000000 +0100 +++ polarssl-1.2.9/debian/patches/series 2015-01-21 21:14:02.000000000 +0100 @@ -4,3 +4,4 @@ 04-update-certs-in-testsuite.patch CVE-2014-4911.patch CVE-2014-8628.patch +CVE-2015-1182.patch
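Review bot: In the library/asn1parse.c hunk, the added `memset( cur->next, 0, sizeof( asn1_sequence ) );` only zeroes nodes allocated inside the loop. The node that `cur` points to on entry is not touched in the visible lines. Please confirm that every caller of asn1_get_sequence_of() hands in a zeroed head node, because the error path described in the patch header walks the list from there. The series also adds no test for this; a certificate whose sequence fails to parse partway through would make a useful regression case in the existing test suite.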
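Review bot: In the DEP-3 header of debian/patches/CVE-2015-1182.patch, `Origin: upstream` points at the advisory page rather than at the upstream change the memset was taken from, and `Author:` names the packager although the fix is marked as upstream. Referencing the upstream commit in `Origin:` and crediting its author there would let a reader verify that the backport matches what upstream shipped. Two small wording fixes in the description as well: "a ASN.1 sequence" should read "an ASN.1 sequence" and "attackers knowledge" should read "attacker's knowledge".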

